New User questions about security

Security
, , ,
#1

Hi, I’m an owner of a medical home care company. OpenEMR amazed me. Definitely will test this. But, having a couple of questions regarding OpemEMR security:

  1. Des OpenEMR has 2FA authentication?
  2. What password-encryption type is on Open EMR?
  3. does the OpenEMR have a patient portal?
  4. HIPPAA compatible but how about European GDPR? It is also compatible?
    Thank you in advance!
#2

hi @Frayer1 ,

  1. yes (supports TOTP and U2F)
  2. 3 password hashing options (defaults to bcrypt/blowfish, other options are argon and crypt/sha512) (all considered secure)
  3. yes
  4. don’t know; this would be a good thing to research (ie. what are the specific requirements and then could provide more specifics)
#3

Hello,
Regarding GDPR you need to make some modifications regarding patient information (forms build). Others aspects are concerning mainly your architecture (location, access, etc…) and sécurity build (back-up, Disaster Recovery, logs). European Régulations is asking GRPD for all private data and many countries asking more for Health Private Data Storage (HDS).
To go deeper :

  • It’s simple if you stored yourself (as physicians or clinics) even in Saas Mode. Déclarations and build are need.
  • If you dedicate to a private IT company, it will need little bit more than GRPD (like HDS for France - Health Data Stage or Germany, Spain, Italy even UK…;-)). The company need a Health Data Storage Certification.

Regards,

Brahim